Roman Tkachenko
1e09b825f6
Port fixes from v8 ( #9397 )
...
* Update oxy
* Do not allow MySQL COM_CHANGE_USER command
* Add support for all MongoDB wire messages
* Drone fix
2021-12-15 06:38:05 +00:00
Russell Jones
cf7696cad6
Fixed IsInternal issue in Check workflow.
...
Fixed issue where IsInternal was returning false for docs reviewers in
the Check workflow.
2021-12-14 18:26:20 -08:00
Russell Jones
821e317b3f
Updated checking logic for code owners.
...
Check logic will now approve with two code owner approvals along with
single code owner + code reviewer approval.
2021-12-14 13:51:45 -08:00
Andrew Burke
e5ba176a34
Enable canned ACL for S3 ( #9042 )
...
This change allows admins to specify a canned ACL when using S3.
2021-12-14 20:31:56 +00:00
Marek Smoliński
c9ee98b6af
Doc update mongo postgres separate listeners ( #9340 )
2021-12-14 17:42:12 +00:00
Joel
2702856908
Allow a configurable event TTL in DynamoDB ( #8840 )
2021-12-14 18:04:44 +01:00
Marek Smoliński
f906831e58
Add ability to run Mongo proxy on separate listener ( #9194 )
2021-12-14 14:26:14 +01:00
Alex McGrath
3df447f19d
Include --insecure options for teleport {db|app}
2021-12-13 23:22:15 +00:00
Jim Bishopp
4127f1848a
Fix app server goroutine leak ( #9332 )
...
Fixes https://github.com/gravitational/teleport-private/issues/79
LAT-APP21-4: DOS - Goroutine leak in app server
Prevent the app server's HandleConnection from blocking for
every connection until the server closes. This change blocks
only until the connection is closed.
2021-12-10 21:28:51 +00:00
Marek Smoliński
d24ae5b1ce
Add ability to run Postgres proxy on separate listener ( #8323 )
2021-12-10 11:05:19 +01:00
Edoardo Spadolini
c3dee235a2
Ensure we don't miss the resolution of an access request ( #9193 )
...
This makes it so that tsh will watch for access request resolution on the
correct (root) cluster, and it will not create access requests before the event
watcher is ready.
Fixes #9003 and #9244 .
2021-12-10 08:09:36 +00:00
Chongyang
d19fe1cc99
Run tsh play requests with correct CLI context
2021-12-09 21:58:58 -08:00
Michael Ferranti
4ff0f3c45f
Delete extra % sign
...
with the function, it renders like this, so deleted the % sign.
"Teleport Cloud commits to SLA of 99.5%% of monthly uptime percentage, a maximum of 3 hours 40 minutes of downtime per month."
Either need to merge this PR or fix in the function.
2021-12-09 21:58:58 -08:00
Isaiah Becker-Mayer
368f934739
[auto] Update webassets in master
...
6f80eee move jest rules to test overrides (#498 ) https://github.com/gravitational/webapps/commit/6f80eee
[source: -w master] [target: -t master]
2021-12-09 21:58:58 -08:00
Steven Martin
f79ad49e5b
Update example username desktop service to single quotes
2021-12-09 21:58:58 -08:00
quinqu
759f44c1f6
Correct Dismiss function spelling.
2021-12-09 21:58:58 -08:00
Zac Bergquist
a165ad2fcb
Tweak LDAPS troubleshooting docs
...
Make it clear that an LDAP connection reset can be due to attempting
to connect on port 389 (which is what our original instructions advised)
2021-12-09 21:58:58 -08:00
matheus
e8f3b54684
Improve error message when TOPT is not valid
2021-12-09 21:58:58 -08:00
Forrest Marshall
d2a55b62b8
fix racy test
2021-12-09 21:58:58 -08:00
Jeff Anderson
704b28fcaf
bump nginx1.12 to nginx1
...
amazon_linux_extras has marked nginx1.12 topic as EOL and nginx1 is the
new stable topic to use.
2021-12-09 21:58:58 -08:00
Jeff Anderson
30acd1c5a7
Use in-memory cache for autoscale HA cluster
...
* Use in-memory cache for autoscale HA cluster
* bump max_connections and add BATS test
2021-12-09 21:58:58 -08:00
Travis Haas
27708b30e1
Add PDB to teleport-kube-agent chart
...
* Add PDB to teleport-kube-agent chart
* Support a root value of replicaCount
* Update lint values for kube-agent pdb
* Add changes to statefulset
2021-12-09 21:58:58 -08:00
David Heitman
5601c085c0
Optionally allow cluster_name to override public_address being used for cluster_name
2021-12-09 21:58:58 -08:00
Trent Clarke
6916e64ce6
Disable drone triggers ( #9313 )
...
Removes all Drone CI tasks from `dronegen` and `.drone.yml`
2021-12-10 15:46:27 +11:00
Jane Quintero
36e4570db6
Check If HEAD Branch Is A Fork ( #9302 )
2021-12-09 23:30:48 +00:00
Zac Bergquist
3a50912e77
Fix the CRL distribution point in Windows certs ( #9299 )
...
A bug introduced in #9152 resulted in us publishing a CRL distribution
point to LDAP which was different than the one encoded in the certs.
Refactor the logic for generating these DNs into shared methods
and add test coverage that verifies the certs meet Windows requirements.
Fixes #9292
2021-12-09 22:04:23 +00:00
Forrest Marshall
2e5ea8fb98
improve lock tests
2021-12-09 13:01:35 -08:00
Forrest Marshall
6f3ce8d3f5
improve Cache.ListNodes perf
2021-12-09 13:01:35 -08:00
Forrest Marshall
dfd3732c6b
improve concurrent watcher registration perf
2021-12-09 13:01:35 -08:00
Forrest Marshall
d52241d969
bump backend limit
2021-12-09 13:01:35 -08:00
dmitri
47b8981de9
Remove uploadCtx/uploadDone as these are automatically reflected with uploadLoopDoneCh
2021-12-09 12:14:45 -08:00
dmitri
5e0c8c9b9a
Do not use the server's context to complete the stream - it might have
...
been already cancelled.
Proto stream to make sure the streams have been completely written
before exiting from Close.
Bug reference: https://drone.teleport.dev/gravitational/teleport/7755/1/7
2021-12-09 12:14:45 -08:00
Jim Bishopp
0ba6809cc4
Fix CryptoRandomHex function ( #9186 )
...
Fixes https://github.com/gravitational/teleport-private/issues/80
LAT-APP21-5: Insecure random number generation
- updated rand call from rand.Reader.Read to rand.Read
- changed length parameter name from len to l.
- changed byte slice var name to b.
- updated godoc
2021-12-09 19:50:44 +00:00
rosstimothy
74f553c354
Fix panic running TestIntegration/RotateChangeSigningAlg ( #9316 )
2021-12-09 13:11:18 -05:00
STeve Huang
4e3f795e8f
Add --cluster
flag to all tsh db
subcommands, Add "--diag_addr" flag to teleport db/app start
( #9220 )
...
* add diag to teleport db/app start
* db --cluster flag supports
* add some ut and fix issue ~/.tsh get removed during test
* working mongodb
* fix logout
* fix ut
* code review comment
* fix mysql
2021-12-09 11:24:39 -05:00
Alex McGrath
8fbcafe798
tool/tctl: Log when requested ttl isnt granted for a cert
2021-12-09 14:05:33 +00:00
Zac Bergquist
031fae2c6e
Replace "loose" with "lose" ( #9284 )
2021-12-09 03:12:15 +00:00
Justinas Stankevičius
d32c7e9d7f
Avoid "Entering/Leaving directory" output in Make ( #9246 )
2021-12-09 02:47:49 +00:00
Josh Wieder
70ebd1f0c0
Update docker-compose.yml
...
tutum/curl has been deprecated and turned private on dockerhub for years. curlimages/curl works.
2021-12-08 18:27:48 -08:00
Rosalind Lutsky
f971c1f0ad
Add thredUP case study to adopters page
2021-12-08 18:27:48 -08:00
Gus Luxton
aada505207
Fix confusing port example in standalone docs
...
External listeners should always be on port 3026, not 3027. This `kube_public_addr` doesn't conform and is causing confusion.
2021-12-08 18:27:48 -08:00
Alexey Ivanov
93e299741d
Add scopes description to the docs
2021-12-08 18:27:48 -08:00
Sagi Sarussi
0878271e48
Remove duplicate YouTube link
2021-12-08 18:27:48 -08:00
Cody Roseborough
cad8fa4576
Add missing parenthesis in README
2021-12-08 18:27:48 -08:00
Alen
a5e1fd2dd1
remove sudo from yum install
...
removed sudo from yum install b/c it's not required and causes issues with security hardened base AMIs
2021-12-08 18:27:48 -08:00
Russell Jones
598e2417ad
Update check.yaml
2021-12-08 17:43:59 -08:00
Alexander Klizhentas
b79655738c
Improve docs for per-session MFA
...
Better note that removes confusion.
2021-12-08 17:06:26 -08:00
Jane Quintero
9b5fd64431
Check if PR is from a fork before dismissing runs. ( #9300 )
2021-12-08 16:12:50 -08:00
Alan Parra
e854a82c1c
Add Security and UX sections to the canonical RFD ( #9251 )
...
* Add Security and UX sections to the canonical RFD
* Add guidance for Security and UX
2021-12-08 19:43:30 -03:00
Zac Bergquist
1a9416c19f
Fix CheckAndSetDefaults for UserTokenSecretsV3 ( #9290 )
...
Since CheckAndSetDefaults mutates the receiver, we need a pointer
receiver.
2021-12-08 12:00:03 -08:00